1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-21 21:21:06 +00:00
Commit graph

16762 commits

Author SHA1 Message Date
Emily 71bbd876b7 nixos/hardened: don't set kernel.unprivileged_bpf_disabled
Upstreamed in anthraxx/linux-hardened@1a3e0c2830.
2020-04-17 16:13:39 +01:00
Emily 9da578a78f nixos/hardened: don't set kernel.dmesg_restrict
Upstreamed in anthraxx/linux-hardened@e3d3f13ffb.
2020-04-17 16:13:39 +01:00
Emily cf1bce6a7a nixos/hardened: don't set vsyscall=none
Upstreamed in anthraxx/linux-hardened@d300b0fdad.
2020-04-17 16:13:39 +01:00
Emily 3b32cd2a5b nixos/hardened: don't set slab_nomerge
Upstreamed in anthraxx/linux-hardened@df29f9248c.
2020-04-17 16:13:39 +01:00
Euan Kemp bc138f407f
nixos/k3s: add initial k3s service
* nixos/k3s: simplify config expression

* nixos/k3s: add config assertions and trim unneeded bits

* nixos/k3s: add a test that k3s works; minor module improvements

This is a single-node test. Eventually we should also have a multi-node
test to verify the agent bit works, but that one's more involved.

* nixos/k3s: add option description

* nixos/k3s: add defaults for token/serveraddr

Now that the assertion enforces their presence, we dont' need to use the typesystem for it.

* nixos/k3s: remove unneeded sudo in test

* nixos/k3s: add to test list
2020-04-17 16:39:54 +02:00
adisbladis 5340ebe085
mopidy: Create a mopidyPackages set
This is to avoid mixing python versions in the same plugin closure.
2020-04-17 12:39:03 +01:00
Maximilian Bosch ab0a10b39b
Merge pull request #85341 from Ma27/bump-hydra
hydra: 2020-04-07 -> 2020-04-16
2020-04-16 21:48:45 +02:00
Yegor Timoshenko 8262ecd369
Merge pull request #85004 from emilazy/add-initrd-secrets-path-assertion
nixos/stage-1: check secret paths before copying
2020-04-16 17:42:40 +03:00
worldofpeace b61999e4ad
Merge pull request #85332 from arianvp/revert-acme
Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
2020-04-16 08:43:36 -04:00
Maximilian Bosch 74d6e86ec2
nixos/doc: fix database-setup example for matrix-synapse
Closes #85327
2020-04-16 11:38:15 +02:00
Arian van Putten 5c1c642939 Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
This reverts commit 5532065d06.

As far as I can tell setting RemainAfterExit=true here completely breaks
certificate renewal, which is really bad!

the sytemd timer will activate the service unit every OnCalendar=,
however with RemainAfterExit=true the service is already active! So the
timer doesn't rerun the service!

The commit also broke the actual tests, (As it broke activation too)
but this was fixed later in https://github.com/NixOS/nixpkgs/pull/76052
I wrongly assumed that PR fixed renewal too, which it didn't!

testing renewals is hard, as we need to sleep in tests.
2020-04-16 10:37:04 +02:00
Maximilian Bosch 5e124e5abd
nixos/tests: fix inclusion of hydra test 2020-04-16 02:17:25 +02:00
Maximilian Bosch 2d55f9c01a
Merge pull request #84266 from Ma27/nspawn-overrides
nixos/systemd-nspawn: disallow multiple packages with `.nspawn`-units
2020-04-16 00:24:33 +02:00
Maximilian Bosch 70ecf83c33
Merge pull request #82339 from Ma27/captive-browser-xdg
nixos/captive-browser: set chromium's data-dir to a XDG-compliant location
2020-04-16 00:06:12 +02:00
Florian Klink 7835641e77
Merge pull request #85252 from flokli/nixos-flannel-fix
nixosTests.flannel: port to python, unbreak
2020-04-15 20:01:13 +02:00
Maximilian Bosch dca0b71876
Merge pull request #85162 from Ma27/build-vms-file-loc
nixos/build-vms: propagate file location
2020-04-15 17:42:12 +02:00
Michele Guerini Rocco da232ea497
Merge pull request #78129 from flyfloh/airsonic-vhost
airsonic: fix virtualHost option
2020-04-15 09:18:28 +02:00
Florian Klink 28ef43824b nixosTests.flannel: port to python, unbreak
For reasons yet unknown, the vxlan backend doesn't work (at least inside
the qemu networking), so this is moved to the udp backend.

Note changing the backend apparently also changes the interface name,
it's now `flannel0`, not `flannel.1`

fixes #74941
2020-04-14 23:56:42 +02:00
Matthew Bauer 57e20c5d87
Merge pull request #83362 from bachp/boinc
nixos/boinc: simplify setup of boinc service
2020-04-14 15:55:54 -04:00
Maximilian Bosch 57087ea280
Merge pull request #85165 from mayflower/alertmanager-clustering
prometheus/alertmanager: implement HA clustering support
2020-04-14 16:13:34 +02:00
worldofpeace 6304c9af48
Merge pull request #85222 from mayflower/libinput-manual-ref
nixos/libinput: refer to libinput manual
2020-04-14 09:42:55 -04:00
worldofpeace e4c5e68fca
Merge pull request #84255 from prikhi/lightdm-mini-greeter-040
lightdm-mini-greeter: 0.3.4 -> 0.4.0
2020-04-14 08:38:23 -04:00
Linus Heckemann 9953a26be1 nixos/libinput: refer to libinput manual 2020-04-14 14:31:49 +02:00
Sander van der Burg 0ffb720e8c nixos/dysnomia: fix documentRoot property 2020-04-14 14:31:13 +02:00
Michele Guerini Rocco 86d71ddbed
Merge pull request #85170 from flokli/networking-virtual
nixos/networking: fix setting MAC Address and MTU in networkd, fix tests
2020-04-14 14:20:49 +02:00
Jörg Thalheim fd438d5f09
Merge pull request #85185 from m1cr0man/legoaccounts
acme: share accounts between certificates
2020-04-14 13:12:57 +01:00
worldofpeace 57b862bb53
Merge pull request #85125 from iblech/patch-iodine-test
iodine: improve test in view of #58806
2020-04-14 08:03:23 -04:00
Jaka Hudoklin de6891ffd0
Merge pull request #83930 from xtruder/nixos/virtualisation/hyperv-image
modules/virtualisation: add hyperv-image
2020-04-14 03:27:22 +00:00
Lucas Savva 827d5e6b44
acme: share accounts between certificates
There are strict rate limits on account creation for Let's Encrypt
certificates. It is important to reuse credentails when possible.
2020-04-14 00:15:16 +01:00
Florian Klink d1edd8b2f6 nixosTests.networking: test setting MTU and MAC Address
Both the scripted and networkd backend now support setting MTU and MAC
Address, so do this in a test to ensure it doesn't break.
2020-04-13 22:03:35 +02:00
Florian Klink 5150378c2f nixosTests.networking.virtual: fix with networkd
We only need to wait for network.target to get up, and the
network-addresses-${interfaceName} units are scripted networking only.
2020-04-13 22:03:35 +02:00
Florian Klink 1e1945319c nixosTests.networking: make routing table comparison more reliable
This was whitespace-sensitive, kept fighting with my editor and broke
the tests easily. To fix this, let python convert the output to
individual lines, and strip whitespace from them before comparing.
2020-04-13 22:03:35 +02:00
Florian Klink 532528190b nixos/networking: move network-link-${i.name} to scripted networking
The unit sets MTU and MAC Address even with networkd enabled, which
isn't necessary anymore, as networkd handles this by itself.
2020-04-13 22:03:35 +02:00
Florian Klink ca391c8a4f nixos/networking: add assertion catching setting mac addresses on tun devices
Setting a MAC Address on a tun interface isn't supported, and invoking
the corresponding command fails.
2020-04-13 22:03:35 +02:00
Florian Klink cddc7a28b8 nixos/networking: fix setting .macAddress and .mtu with networkd
This needs to be set in the .linkConfig of a .network
2020-04-13 22:03:35 +02:00
Robin Gloster e484ca3d9b
alertmanager: implement HA clustering support 2020-04-13 18:39:51 +02:00
Jörg Thalheim 4c3f1d321a
Merge pull request #76723 from jokogr/u/traefik-2.1.1
Traefik: 1.7.14 -> 2.2.0
2020-04-13 17:16:54 +01:00
Maximilian Bosch ec6bac99cc
nixos/build-vms: propagate file location
When trying to build a VM using `nixos-build-vms` with a configuration
that doesn't evaluate, an error "at `<unknown-file>`" is usually shown.

This happens since the `build-vms.nix` creates a VM-network of
NixOS-configurations that are attr-sets or functions and don't contain
any file information. This patch manually adds the `_file`-attribute to
tell the module-system which file contained broken configuration:

```
$ cat vm.nix
{ vm.invalid-option = 1; }

$ nixos-build-vms vm.nix
error: The option `invalid-option' defined in `/home/ma27/Projects/nixpkgs/vm.nix@node-vm' does not exist.
(use '--show-trace' to show detailed location information)
```
2020-04-13 17:50:13 +02:00
Mario Rodas 66e43c6588
Merge pull request #84599 from doronbehar/nodejs-python3
nodejs: use python3 if possible
2020-04-13 07:44:05 -05:00
Maximilian Bosch 1bf1ae3966
Merge pull request #85092 from mayflower/prometheus-local-config-gen
prometheus: use runCommandNoCCLocal for config gen
2020-04-13 11:03:16 +02:00
Ingo Blechschmidt f379e74f1e iodine: improve test in view of #58806 2020-04-13 06:22:27 +02:00
Ioannis Koutras 9360e3723d nixos/traefik: add test 2020-04-12 22:50:36 +02:00
Ioannis Koutras 1f61fbf326 nixos/traefik: make config deep mergeable 2020-04-12 22:50:36 +02:00
Ioannis Koutras bc766b003a nixos/traefik: Adapt to traefik v2
This commit:

1. Updates the path of the traefik package, so that the out output is
   used.
2. Adapts the configuration settings and options to Traefik v2.
3. Formats the NixOS traefik service using nixfmt.
2020-04-12 22:50:36 +02:00
John Ericson 923dc61c9b
Merge pull request #85085 from Ericson2314/document-haskell-env-changes
nixos/doc: Document breaking change to Haskell dev shells
2020-04-12 16:33:53 -04:00
Robin Gloster 0e040d16e8
prometheus: use runCommandNoCCLocal for config gen 2020-04-12 20:13:23 +02:00
John Ericson 8594285c25 nixos/doc: Document breaking change to Haskell dev shells 2020-04-12 11:58:05 -04:00
Graham Christensen 56c8b7eeda
Merge pull request #84946 from bqv/nftables
nixos/nftables: fix typo in ruleset example
2020-04-12 09:38:55 -04:00
Graham Christensen 35d8514a91
Merge pull request #81848 from grahamc/nested-specialisation
specialisation: replace nesting with named configurations
2020-04-12 08:56:11 -04:00
Graham Christensen ec2d28e323
specialisation: replace nesting with named configurations
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-04-12 08:12:50 -04:00